If you’re an asset manager or an application administrator, you must have had - or are about to have - a lot of work since there’s a new Chrome zero-day vulnerability in the wild. Google issued an emergency security update due to the severity of exploit CVE-2022-1096. A few days later, Microsoft joined the recommendation, advising Chromium Edge users to update their browsers as well.
Therefore, if you haven’t already, you should check your browser details to check if it’s updated to version 99.0.4844.84 of Chrome or version 99.0.1150.55 or higher of Edge.
So far, details of this Chrome zero-day exploit remain under wraps. What we know is that Google assigned it a high priority and that it’s related to “Type Confusion in V8.” According to The Hacker News, “type confusion errors, which arise when a resource is accessed using a type that’s incompatible to what was originally initialized, could have serious consequences in languages that are not memory safe like C and C++, enabling a malicious actor to perform out-of-bounds memory access. The fact that the update included only one security fix affirms the severity of the issue.
This is the sixth zero-day vulnerability Google reports in 2022, which implies there’s an increasing number of exploits. The company believes there’s a combination of factors that cause the trend. Of course there may be more exploits in the wild, but that simply means more visibility on the subject is required.
No matter the reason behind this trend, paying attention to Chrome zero-day vulnerabilities is the smart thing to do. And it seems like something you may be doing more and more often.
Chrome zero-day: How to push updates to your company assets with InvGate Insight
If you’re an end-user managing your own computer, it’s rather easy to manage your security. After all, you only have a few devices to check. But if you are in charge of the security of a whole company, keeping every asset updated turns into a challenge.
Because we don’t want you to waste time sending a blast email warning employees to update their browsers - since they will probably end up in the trash without being opened - we have a solution that allows you, as a manager, to push software updates.
In InvGate Insight, it’s very easy to see which assets need updating. Just open Insight, go to Explorer, and type in on the Search bar “Software name, is: Google Chrome.” Now you have a list of all the devices where this particular browser is installed. Then, add another filter to the Search bar to see all the outdated assets. In order to do that, add the following filter: “Reported version, is not:” and paste Chrome’s patched version (99.0.4844.84).
That’s it! With a few clicks, you created a list of devices that need to be updated as soon as possible. You can export it in CSV and give it to one of your agents to patch or create a ticket so they can be manually updated.
Don't let the next Chrome zero-day exploit catch you off guard, try InvGate Insight now, and forget about security issues once and for all!
